NOTE: Do not assume "sAMAccountName" is accurate in all cases. Improper selection may result in a message similar to this one: "LDAP ADDRESS BOOK SETTINGS ERROR: No results were found in the specified Object Classes with the specified Search Attributes".

Tells the MFP what attribute to search for when authenticating users’ credentials

Full name attribute

Authentication

cn or common name is used in almost every AD environment and contains the full name.

Other possible values in other LDAP environments.

The cn(full name) comprises the given name and surname as one would see with an LDAP browser.

Tells the MFP which attribute holds the users full name

These values can also be found using Softerra™, ADSI edit, or under Active Directory's "Users and Computers"

Group Search Base

Authorization

CN=Lexmark,DC=company,DC=com

This setting is not required if group-based Authorization is not necessary.

Similar to the Search Base, Group Search Base tells the MFP where in the directory “tree” to start searching for a particular group.

Shortname

Authorization

User-defined value

Name for a group

This group to be associated with the group identifier

Required when the environment requires access restrictions to functions and features.

Group Identifier

Authorization

CN=Administrators,CN=Lexmark,DC-company,DC=com

Important! DN format with no spaces.

Tells the MFP what container(CN) or organization unit (OU) it needs to search to validate if an authenticated user is a member of an authorized group.

* Lexmark is not responsible for identifying any of configuration settings referenced in this article. See your LDAP administrator to obtain these values.

NOTE: If successfully configured, the MFP will be able use LDAP to perform simple authentication associated with this building block along with user and group-based authorization.

14.

Enter the Group Search Base. Similar to the Search Base, but point to the container.

15.

Enter Short Name. Any name to identify this user or group of users that may be tied to a specific access control.

16.

Enter Group Identifier.

17.

Again, to test the building block, click the Submit button, The page will refresh and return to the Manage LDAP Setups page.
Click on the Test LDAP Authentication Setup button next to the corresponding SetupName.

NOTE: Additional Short Names for groups and Group Identifiers can be put in the fields to allow access for
advanced environments.

This form of authentication verifies user credentials (Username and Password) against the LDAP server's directory structure. Other authentication types such as internal authentication, Kerberos, CAC, or biometrics do not allow for simultaneous e-mail look-ups.

Are there more secure forms of authentication?

LDAP + GSSAPI, SLDAP with SSL or IPsec are all more secure than LDAP authentication alone.

Benefits?

- Works well to limit or secure MFP functions such as “Scan-to” functions.

- Prevent unknown user access.

- Enables administrators to track the e-mail use per authenticated user versus the default behavior which allows anyone to walk up to the MFP and send an e-mail.

- Default behavior or functionality allows e-mail can be traced back to the MFP but not to the user.

- Other data and auditing tracking is possible.

What is authorization?

Authorization determines the rights and abilities of a logged-in user.

What is it used for?

Authorization supplements the authentication process by determining whether or not a user and/or a group has access to a particular function and/or feature on a MFP. It is sometimes referred to as “Role Based” rights or restrictions.

MFP Support?

At this time, only the X46x*, X73x, X86x Series MFPs support authorization.

*Anx denotes any number within a given series; for example, X466dte.

How does it work?

Specific User and/or Group names utilized for Authorization are created within and can only be used with LDAP, LDAP+GSSAPI and Internal Account authentication mechanism building blocks.

Lexmark's card-based solutions also utilize and take advantage of this authorization functionality.